[Qt-interest] Qt Https double Two-way authentication?

Kermit kermit.mei at gmail.com
Wed Oct 26 11:07:04 CEST 2011 

Hello community,

    I want to use QNetwordAccessManager and QNetworkRequest to access a https web server(I used Nginx here). The code is like this:

//Init QSslConfiguration object: m_sslConfiguration

QList<QSslCertificate> caList = m_sslConfiguration.caCertificates();
caList.append(QSslCertificate("./cacert.pem")); //Root CA
m_sslConfiguration.setCaCertificates(caList);
QFile cpKey("./client.key");  //Client Private Key
if(cpKey.open(QIODevice::ReadOnly)) {
  m_sslConfiguration.setLocalCertificate(QSslCertificate(".client.crt"));
  m_sslConfiguration.setPrivateKey(QSslKey(&cpKey, QSsl::Rsa));
  m_sslConfiguration.setProtocol(QSsl::SslV3);  
  m_sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyPeer);
}


//Request by QNetworkRequest:
if(m_webPageInfo) {
    QNetworkRequest request(m_webPageInfo->url());
    request.setSslConfiguration(m_sslConfiguration);
    get(request); //This will call QNetWorkAccessManager::get(...)
}


But I can't get the data, and nginx's log told me:

$ cat /var/log/nginx/localhost.ssl_error_log 
2011/10/26 16:39:22 [info] 22953#0: *1 client sent no required SSL certificate while reading client request headers, client: 10.0.2.15, server: , request: "GET /start.html HTTP/1.1", host: "10.0.2.15"
2011/10/26 16:41:49 [info] 22953#0: *2 client sent no required SSL certificate while reading client request headers, client: 10.0.2.15, server: , request: "GET /start.html HTTP/1.1", host: "10.0.2.15"
2011/10/26 16:43:49 [info] 22953#0: *3 client sent no required SSL certificate while reading client request headers, client: 10.0.2.15, server: , request: "GET /start.html HTTP/1.1", host: "10.0.2.15"
2011/10/26 16:45:17 [info] 22953#0: *4 client sent no required SSL certificate while reading client request headers, client: 10.0.2.15, server: , request: "GET /start.html HTTP/1.1", host: "10.0.2.15"


^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^

I don't know where I make the mistake so the the client can't 
sent the required SSL certificate?

By the way, if I don't ask the client's CA on web server, it works.
And the nginx.conf is now like this:
# SSL example
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/nginx/nginx.crt;
    ssl_certificate_key /etc/ssl/nginx/nginx.key;
    ssl_verify_client on;
    ssl_client_certificate  /etc/ssl/nginx/cacert.pem;
    ssl_session_timeout 5m;
    access_log /var/log/nginx/localhost.ssl_access_log main;
    error_log /var/log/nginx/localhost.ssl_error_log info;
    root /var/www/localhost;
}




Thanks
B.R
Kermit

More information about the Qt-interest-old mailing list